Exec Talks about Growing Security Pressures: Page 2

Q: A lot of administrators want to move to Linux because they think
it's more secure than Windows? How dangerous can life be on the Linux
platform?

I think it's probably too early to tell.

It is certainly true today that the most damaging attacks have afflicted
Windows-based systems and that, by comparison, Linux has been relatively
immune. However, there are real questions as to the true reasons for the
apparent safety of Linux.

The first and most important issue is prevalence. Just as in biological
systems, dense populations are most conducive to the spread of
contagions. And in contrast, more dispersed populations are more immune
to rampant, fast-spreading attacks. Thus Linux, with its more sparse
installed base -- and absence from the desktop -- will be inherently
more secure than Windows, as long as Windows maintains such a dominant
share of installations.

Another potential characteristic in favor of Linux is the degree to
which Microsoft is viewed as a more ''deserving'' target of attack
compared with Linux. In addition, some believe that Linux code, because
it is open, is more heavily scrutinized and therefore benefits from the
security expertise of thousands of developers, while others say that it
is far easier to find security flaws by exercising object code rather
than by analyzing source code.

These factors are all extremely complex, so it will be interesting to
see how the security posture of Linux evolves as it becomes more
widespread.

Q: Worm after worm continues to hit the Internet. Users are still
clicking on attachments and downloading damaging viruses. How can we
stop the cycle?

Social engineering has always been one of the greatest challenges to
security. Those who wish to do harm always seem to play upon natural
human curiosity and weakness.

This will always be a problem. While user education is important, we are
firm believers that the only truly effective way to stop these threats
is to do so before they have the opportunity to reach end users. By
implementing effective security solutions at the network gateway and
preventing attacks from ever reaching users, companies can take great
strides to protect themselves against these threats.

Q: A lot of people still think of spam as a nuisance. How big of a
security risk has spam become?

Spam has become a real security issue as the lines between spam activity
and malware have become blurred. We believe that, in addition to using
intelligent filtering and content analysis technologies to reduce the
amount of undetected spam, it will be necessary to raise the ''cost'' of
sending spam to the point where the return is no longer attractive in
order to truly curtail the practice. There are, of course, many
parameters to the notion of ''cost'', so it should be possible to make a
big dent in spam activity without necessarily charging for email.

Q: What do you see coming down the road in terms of security
technology?

The key challenges -- and opportunities -- will be to deliver security
technologies that are enablers of all of the new and exciting
applications that have only started to show their promise, such as voice
and video, instant messaging, real-time collaboration, e-commerce, and
more. The individual piece parts -- encryption algorithms,
authentication systems, and the like will continue to improve. But the
real benefits will come when security becomes embedded with, and
ultimately as ubiquitous and invisible as the network itself.